techhub.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A hub primarily for passionate technologists, but everyone is welcome

#zerotrust

8 posts · 7 participants · 0 posts today

🚨 OuttaTune — The Microsoft Intune Conditional Access bypass I reported is now officially closed by MSRC (again).

It began as “By Design”… then was reclassified as a Moderate severity vulnerability… led to a product group meeting… and ultimately forced Microsoft to revise their official Conditional Access guidance.

Yet now it’s closed - with no fix timeline, no CVE, and no researcher credit. 🤷‍♂️
Let’s unpack it. 👇

🔍 The Issue
Intune lets you apply Conditional Access policies using device filters - say, “block access to Office 365 from DevBox VMs.”

But that device model? It’s just a registry key.
A local admin can change one line, sync the device, and suddenly it’s not a DevBox anymore. It’s “Compliant.” It’s trusted. It’s in.

🧪 Microsoft’s Initial Response

“This is by design.”
“Assignment filters should be used sparingly.”
“Intune cannot accurately lock down a device if an admin on the machine is actively working against management.”

Wait - imagine Microsoft saying that about Defender for Endpoint:

“Sorry, if someone has admin, Defender just gives up.”

Of course they wouldn’t say that. Because security controls must assume hostile actors. Why should Intune be any different?

🛠️ The Outcome
• I pushed back, published my findings, and spoke directly with Microsoft’s product teams.
• They reclassified the issue as a Moderate security vulnerability.
• They changed official documentation to warn against using properties like device.model in isolation.
“Microsoft recommends using at least one system defined or admin configurable device property…”

That change exists because of this research.

📉 But the Case Is Now Closed

MSRC insists that:

“This requires admin and knowledge of policy filters, so it remains Moderate.”

But attackers don’t need to know your exact filters - they can just trial different registry values and sync until they’re in. No alerts. No resistance. No risk of detection unless you’ve layered in custom EDR rules.

And admin access is table stakes. We can’t keep pretending that post-exploitation scenarios don’t matter.

💬 Final Thoughts

Conditional Access isn’t just about who you are - it’s supposed to account for where and what you’re accessing from.

But when enforcement relies on unverified local data, the door isn’t locked. It’s not even shut.
We’ve just convinced ourselves that it is.

🔐 Trust nothing. Validate everything.
Even the registry keys your policies depend on.

Blog link: cirriustech.co.uk/blog/outtatu

CirriusTech | Serious About Tech · OuttaTune: Bypassing Conditional Access in Microsoft Intune
Exposing how Microsoft Intune's device filtering can be trivially bypassed to evade Conditional Access controls.
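The post's documented mitigation is that a filter rule should never rest on a property like device.model alone. As an added example that is not part of the post, nor code from CirriusTech or Microsoft, the Python below lints Intune assignment-filter rule strings for exactly that: it splits each rule into its top-level OR branches and flags any branch whose only device properties are ones a local admin can set. Only device.model is taken from the post; treating device.manufacturer, device.deviceName and device.osVersion the same way is an assumption of this example, and the rule strings it checks are constructed, not exported from a real tenant.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Matches property references in Intune filter rule syntax, e.g. device.model.
DEVICE_PROP = re.compile(r"device\.([A-Za-z0-9_]+)")

# device.model is the property the post shows being rewritten locally.
# The other three are an ASSUMPTION of this example: they also derive from
# device-reported data rather than from a tenant-side (admin-configured) source.
LOCALLY_INFLUENCED = {"model", "manufacturer", "devicename", "osversion"}


@dataclass
class FilterFinding:
    rule: str
    weak_branches: list[str] = field(default_factory=list)

    @property
    def is_weak(self) -> bool:
        """True if some OR branch can be satisfied using spoofable properties alone."""
        return bool(self.weak_branches)


def strip_outer_parens(expr: str) -> str:
    """Remove parentheses that wrap the whole expression, e.g. '((a) or (b))'."""
    expr = expr.strip()
    while expr.startswith("(") and expr.endswith(")"):
        depth, in_quote = 0, False
        for i, ch in enumerate(expr):
            if ch == '"':
                in_quote = not in_quote
            elif not in_quote:
                if ch == "(":
                    depth += 1
                elif ch == ")":
                    depth -= 1
                    if depth == 0 and i < len(expr) - 1:
                        return expr  # first group closes early: not a single wrapper
        expr = expr[1:-1].strip()
    return expr


def split_top_level(expr: str, keyword: str) -> list[str]:
    """Split on ' keyword ' at parenthesis depth 0, ignoring quoted literals."""
    kw = f" {keyword} "
    low = expr.lower()
    parts, depth, in_quote, start, i = [], 0, False, 0, 0
    while i < len(expr):
        ch = expr[i]
        if ch == '"':
            in_quote = not in_quote
        elif not in_quote:
            if ch == "(":
                depth += 1
            elif ch == ")":
                depth -= 1
            elif depth == 0 and low.startswith(kw, i):
                parts.append(expr[start:i].strip())
                i += len(kw)
                start = i
                continue
        i += 1
    parts.append(expr[start:].strip())
    return parts


def audit_filter_rule(rule: str) -> FilterFinding:
    """Flag each OR branch that references only locally influenced properties.

    A branch mixing in an admin-configured property (e.g. enrollmentProfileName)
    is accepted, because a local registry edit alone cannot satisfy it.
    """
    finding = FilterFinding(rule)
    for branch in split_top_level(strip_outer_parens(rule), "or"):
        props = {p.lower() for p in DEVICE_PROP.findall(branch)}
        if props and props <= LOCALLY_INFLUENCED:
            finding.weak_branches.append(branch)
    return finding


def audit_rules(rules: dict[str, str]) -> dict[str, FilterFinding]:
    """Audit a mapping of filter name -> rule string."""
    return {name: audit_filter_rule(rule) for name, rule in rules.items()}


# Constructed sample filters (not from any real tenant).
SAMPLE_FILTERS = {
    "block-devbox-model-only": '(device.model -eq "Dev Box")',
    "block-devbox-anchored": '(device.model -eq "Dev Box") and '
                             '(device.enrollmentProfileName -eq "DevBox-Enrollment")',
    "block-devbox-or-branch": '(device.model -eq "Dev Box") or '
                              '(device.enrollmentProfileName -eq "DevBox-Enrollment")',
}

if __name__ == "__main__":
    for name, finding in audit_rules(SAMPLE_FILTERS).items():
        verdict = "WEAK" if finding.is_weak else "ok"
        print(f"{name}: {verdict}")
        for branch in finding.weak_branches:
            print(f"  relies only on device-reported data: {branch}")
```

The check is deliberately conservative: an OR branch that can be satisfied by device-reported properties alone is enough to flag the whole filter, since that is the branch a rewritten registry value would satisfy.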

Ok, for some reason when I mentioned non-human identities and tracking them, a number of people assumed aliens or something, or just AI agents. What I am looking for are some insights into authentication actions on computer systems - using tokens, APIs, stored secrets, and so on - where a human is not directly involved in the interaction. Yes, AI could be involved, think MCP especially. I know there are tools out there to manage this, just wondering. Think using Okta SSO etc. but not human users at all. Thoughts? Opinions? To me this is the next step in zero trust, in that one should have the same principles in place between any and all systems, be they human or automated: are they who or what they claim to be, and are they authorized to go forward and do what they are trying to do? #infosec #security #zerotrust

When it comes to your critical networks, waiting isn’t an option.

Cyber threats move fast—your defense needs to move faster.
That’s where Zero-Wait Networks come in.

We’ve broken down 4 simple steps to help you protect what matters most—from smarter segmentation to real-time response.

Take a look at the graphic and see how a few key changes can make a big difference.
Because in cybersecurity, every second counts.

Delivered with zero trust. And zero drama. 😏

Check Point leads in #SASE security and user experience! In Miercom's latest assessment of top vendors, Check Point Harmony SASE came out on top across 10 real-world use cases.

Our highlights:
✅ Best-in-class Zero Trust & ZTNA
✅ Fastest browsing & downloads for remote users
✅ 99% web threat prevention
✅ Highest-rated admin & user experience

Signed. Harmony SASE’d. Delivered.

blog.checkpoint.com/harmony-sa

Check Point Blog · Independent Tests Prove It: Check Point’s SASE Excels in Security & User Experience
By rohann@checkpoint.com

🚀 First working Redis with post-quantum mTLS using Falcon (NIST finalist) — running in a hardened Alpine container with OpenSSL 3.3.4 + oqs-provider.
⚙️ Falcon keys + certs generated inside the image, Redis launched via --tls-port, and PONGs confirmed via PQ mTLS.

📦 GitHub: github.com/zenthracore/zen.red
🐳 Docker: hub.docker.com/r/zenthracore/z

💡 This might be the first public Redis instance running on PQ crypto.

#PQC #Falcon #Redis

Salt Typhoon, a People’s Republic of China (PRC) state-backed cyber attack group, is accelerating efforts to probe weaknesses in U.S. cyber infrastructure, while the US Administration dithers and is actively undermining U.S. Cyber Defenses. Examples:

1) FY26 budget includes a $177.4M cut to CISA’s “Cyber Operations,” including its Threat Hunting team which provides technical support to local governments and critical infrastructure operators.

2) FY26 budget includes a $14M cut to the Joint Cyber Defense Collaborative (JCDC), a hub for cyber threat intelligence and coordinating public-private cyber incident responses.

3) June 6 EO removed requirements for federal software vendors to submit proof that their products met secure development standards.

The Homeland Security Secretary recently testified that the administration “still [does not] necessarily know how to stop the next Salt Typhoon.” YIKES! justsecurity.org/116896/what-i

KT Corp. will invest over 1 trillion won ($845 million) in information security over five years, enhancing AI-based monitoring, zero-trust frameworks, and DDoS defenses to strengthen customer data protection and prevent cybercrime losses.
#YonhapInfomax #KTCorp #InformationSecurity #AIMonitoring #ZeroTrust #DDoSDefense #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
en.infomaxai.com/news/articleV

Yonhap Infomax · KT to Invest 1 Trillion Won Over Five Years in Information Security—'All-Out Effort for Customer Safety'